Drop Incoming ICMPv4 Redirect Messages
ICMP redirects are broadcast in order to reshape network traffic. A malicious user could craft fake redirect packets and try to force all network traffic to pass through a network sniffer. If the system is not configured to ignore these packets, it could be susceptible to this kind of attack.
[yes/no]
To check if the system is configured to ignore ICMP redirect messages, run the following command:
sysctl net.inet.icmp.drop_redirect
If the value is not '1', this is a finding.
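The check above as a script, added here as an example and not part of the OVAL definition. The function names are hypothetical, and it assumes sysctl prints the setting as `name: value` or `name=value`; the exit status separates a finding from a check that could not be evaluated.

```shell
#!/bin/sh
# Added example: evaluates the check described above.
# Function names are hypothetical, not taken from the OVAL definition.

OID='net.inet.icmp.drop_redirect'
OID_RE='net\.inet\.icmp\.drop_redirect'   # same name, dots escaped for sed

# Print the numeric value found in one line of sysctl output.
# Accepts "name: 1" and "name=1"; prints nothing if the line does not match
# (for example an "unknown oid" error message).
parse_sysctl_value() {
    printf '%s\n' "$1" |
        sed -n "s/^${OID_RE}[[:space:]]*[:=][[:space:]]*\([0-9][0-9]*\)[[:space:]]*\$/\1/p" |
        head -n 1
}

# Evaluate captured sysctl output.
# Returns 0 = not a finding, 1 = finding, 2 = could not evaluate.
evaluate_drop_redirect() {
    value=$(parse_sysctl_value "$1")
    if [ -z "$value" ]; then
        echo "ERROR: no value for $OID in: $1"
        return 2
    fi
    if [ "$value" = "1" ]; then
        echo "PASS: $OID = 1"
        return 0
    fi
    echo "FINDING: $OID = $value (expected 1)"
    return 1
}

# Query the running kernel and evaluate the result.
# stderr is captured so an "unknown oid" message ends up in the error text.
check_live() {
    out=$(sysctl "$OID" 2>&1) || { echo "ERROR: $out"; return 2; }
    evaluate_drop_redirect "$out"
}

# Run against the live system only when asked to: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    check_live
    exit $?
fi
```

Treat exit status 2 as "not evaluated" rather than as a pass, since a missing setting means the check never ran.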
oval:org.secpod.oval:def:44294
SCAP Repo OVAL Definition
2018-02-21